- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- White paper
- Admin Guide
- Knox Service Plugin
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Manage
- Introduction
- Release Notes
- Getting Started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Knox E-FOTA
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
Knox White Paper
Knox supports advanced device configurations tailored to the defense industry. A single Knox setting can apply many of the settings needed to put the device into a compliant state. This setting, called Common Criteria Mode or CC Mode, helps simplify the task of correctly configuring a device for deployments that must meet defense-grade security requirements. The Common Criteria for Information Technology Security Evaluation, commonly referred to as Common Criteria, is an internationally-recognized standard for defining security objectives of information technology products and for evaluating vendor compliance with these objectives. A number of Governments use Common Criteria as the basis for their own certification schemes.
Select Samsung Galaxy devices with the Knox Platform embedded received Common Criteria (CC) certification. The current CC certification targets the new Mobile Device Fundamentals Protection Profile (MDFPP) of the National Information Assurance Partnership (NIAP), which addresses the security requirements of mobile devices for use in enterprise. Samsung Knox is approved by the United States Government as the first NIAP-validated consumer mobile devices to handle the full range of classified information.
An IT admin can enable the device to be placed into the Common Criteria configuration. When enabled, the device:
- Blocks bootloader download mode, the manual method for software updates
- Mandates additional key zeroization on key deletion
- Prevents non-authenticated Bluetooth connections
- Requires that FOTA updates have a 2048-bit RSA-PSS signature
- Uses many other security settings
While other optional configuration steps are still recommended on top of Common Criteria Mode, the value is clear: simplifying the correct configuration of endpoints for high-security deployments saves time and prevents mistakes that can lead to misconfigurations and added security risks.
More information
Refer to the following Knowledge Base Articles for details about:
